Adds proper logging to CSRF middleware

main
Yasen Pramatarov 2025-02-23 13:51:36 +02:00
parent c61f42792f
commit 34779bb891
2 changed files with 10 additions and 5 deletions


@ -3,6 +3,7 @@
require_once __DIR__ . '/../helpers/security.php';
function applyCsrfMiddleware() {
global $dbWeb, $logObject;
$security = SecurityHelper::getInstance();
// Skip CSRF check for GET requests
@ -22,9 +23,13 @@ function applyCsrfMiddleware() {
$token = $_POST['csrf_token'] ?? '';
if (!$security->verifyCsrfToken($token)) {
// Log CSRF attempt
error_log("CSRF attempt detected from IP: " . $_SERVER['REMOTE_ADDR']);
//FIXME log class not loaded
// $logObject->insertLog(0, "CSRF attempt detected from IP: " . $_SERVER['REMOTE_ADDR'], 'system');
$logMessage = sprintf(
"CSRF attempt detected - IP: %s, Page: %s, User: %s",
$_SERVER['REMOTE_ADDR'],
$_GET['page'] ?? 'unknown',
$_SESSION['username'] ?? 'anonymous'
);
$logObject->insertLog(0, $logMessage);
// Return error message
http_response_code(403);
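Review bot: `$logObject->insertLog(0, $logMessage)` is invoked with no null check, yet the FIXME this commit deletes said the log class was not loaded when this middleware runs; if the `$logObject` global declared in the first hunk is still unset on that path, the CSRF rejection dies with an Error before `http_response_code(403)` is reached, so the request fails with a 500 and the failed-CSRF event is never recorded. Guard the call and keep the `error_log` line as the fallback if it survives the commit: `$logObject?->insertLog(0, $logMessage);` (or `if ($logObject !== null) { $logObject->insertLog(0, $logMessage); }` on PHP below 8.0). Separately, `$_GET['page']` is request-controlled and is formatted into the log line unfiltered, so anyone reading the log should expect arbitrary text there; truncating it and stripping control characters (e.g. `preg_replace('/[^\x20-\x7e]/', '', substr($_GET['page'] ?? 'unknown', 0, 64))`) before the sprintf keeps one log entry per event. The commented-out version passed a third `'system'` argument that the new call drops — confirm the method's default for that parameter is the intended category. applyCsrfMiddleware continues outside the hunk.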